A financially motivated cyber crime insider trading scheme targets international law firm information used to facilitate business ventures. The scheme involves a hacker compromising the law firm’s computer networks and monitoring them for material, non-public information (MNPI). This information, gained prior to a public announcement, is then used by a criminal with international stock market expertise to strategically place bids and generate a monetary profit.

Threat

In a recent cyber criminal forum post, a criminal actor posted an advertisement to hire a technically proficient hacker for the purposes of gaining sustained access to the networks of multiple international law firms. The criminal provided search criteria for industry-specific information for the hackers to locate within the networks. This information, when interpreted by an industry expert, can contribute to an insider trading scheme.

Recommendations

Historically, industries targeted by cybercriminals have discovered that their networks were susceptible to intrusion due to a lack of adherence to network security industry standards.

Measures to deter unauthorized access to a company network:

Educate personnel on appropriate preventative and reactive actions to known criminal schemes and social engineering threats, including how employees should respond in their respective position and environment.

Scrutinize links contained in e-mails, and do not open attachments included in unsolicited e-mails.

Disable macros. Be careful of pop-ups from attachments that require users to enable them.

Only download software – especially free software – from known and trusted sites.

Only allow required processes to run on systems handling sensitive information.

Implement two-factor authentication for access to sensitive systems.

Ensure proper firewall rules are in place.

Be aware of the corporate footprint and persona facing the Internet. Conduct searches using multiple search engines on multiple Internet domains of company names, Web addresses, key personnel, and projects to determine if there is an accidental weak point in the network security. Conduct infrastructure look-ups in the public domains to ensure additional information is not inadvertently advertised.
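
An added example (not part of the original notification) of one way to automate the infrastructure look-up review described above: it audits records from the firm's own public DNS zone for hostnames that expose matter codenames, personnel names or internal service labels, and for private addresses published externally. The sample records, the watch list and the service labels are constructed assumptions.

```python
import ipaddress
import re

# Constructed sample: records exported from the firm's own public DNS zone.
# Every name and address here is made up for illustration.
SAMPLE_RECORDS = [
    ("www.examplelaw.example", "A", "203.0.113.10"),
    ("dms.examplelaw.example", "A", "10.20.4.15"),
    ("project-falcon-dataroom.examplelaw.example", "CNAME", "files.examplelaw.example"),
    ("vpn.examplelaw.example", "A", "203.0.113.20"),
    ("examplelaw.example", "TXT", "v=spf1 ip4:192.168.1.25 -all"),
    ("jsmith-laptop.examplelaw.example", "A", "203.0.113.77"),
]
# Hypothetical watch list: matter codenames and key personnel (assumption).
WATCH_TERMS = {"falcon", "jsmith"}
# Labels that reveal internal services (assumed list; tune per firm).
SERVICE_LABELS = {"dms", "vpn", "rdp", "dataroom", "backup"}

# Explicit RFC 1918 ranges; ip_address.is_private would also match the
# documentation ranges used in the sample data.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def audit_records(records, watch_terms, service_labels):
    """Return sorted (hostname, reason) pairs for records worth reviewing."""
    findings = set()
    for name, _rtype, value in records:
        tokens = set(re.split(r"[.\-_]", name.lower()))
        for term in tokens & set(watch_terms):
            findings.add((name, f"watch term '{term}' in hostname"))
        for label in tokens & set(service_labels):
            findings.add((name, f"internal service label '{label}' exposed"))
        for candidate in IPV4_RE.findall(value):
            try:
                addr = ipaddress.ip_address(candidate)
            except ValueError:  # e.g. 999.1.1.1 is not a valid address
                continue
            if any(addr in net for net in RFC1918):
                findings.add((name, f"private address {addr} published"))
    return sorted(findings)


if __name__ == "__main__":
    for host, reason in audit_records(SAMPLE_RECORDS, WATCH_TERMS, SERVICE_LABELS):
        print(f"{host}: {reason}")
```

Each finding is a prompt for review rather than a confirmed weakness; a VPN endpoint, for instance, is expected to be public, while a matter codename in a hostname is not.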